Advisory Database
  • Advisories
  • Dependency Scanning
  1. npm
  2. ›
  3. @cloudflare/workers-oauth-provider
  4. ›
  5. CVE-2025-4143

CVE-2025-4143: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint

May 1, 2025 (updated July 28, 2025)

The OAuth implementation failed to check that redirect_uri was among the allowed set for the client_id.

References

  • github.com/advisories/GHSA-4pc9-x2fx-p7vj
  • github.com/cloudflare/workers-oauth-provider
  • github.com/cloudflare/workers-oauth-provider/pull/26
  • github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-4pc9-x2fx-p7vj
  • nvd.nist.gov/vuln/detail/CVE-2025-4143

Code Behaviors & Features

Detect and mitigate CVE-2025-4143 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 0.0.5

Fixed versions

  • 0.0.5

Solution

Upgrade to version 0.0.5 or above.

Impact 6.1 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Learn more about CVSS

Weakness

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Source file

npm/@cloudflare/workers-oauth-provider/CVE-2025-4143.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Sat, 23 Aug 2025 00:18:58 +0000.